When the Communications Decency Act was originally signed into law in 1996, there was a abundance of media coverage, particularly among media within the IS community. The focus of this coverage was on language in the CDA that sought to limit "indecency" on the Internet. In addition to the media coverage, the Internet’s own Blue Ribbon campaign popularly characterized the CDA as an anti-smut initiative.
When the Supreme Court struck down the indecency provisions of the CDA in Reno vs. ACLU, the popular and professional media again responded, this time lauding the court for ensuring free speech on the Web by repudiating the CDA. Contrary to most reporting, Reno did not strike down the CDA. Instead, it left intact the vast majority of the Act, and what remains has important implications for IS administrators.
The CDA has received previous coverage in Communications (see [6, 8]). As in most reporting on the CDA, this coverage focused exclusively on the indecency provisions of the Act, and its ramifications for free speech and economic development of the Internet [35, 7]. Although both articles were certainly accurate in their review of the free speech aspects of the CDA, neither article addressed the broad range of expanded prohibitions created by the portions of the CDA remaining after Reno. For IS administrators, these lesser-known components of the CDA represent as much disruption and danger to organizational computing as the indecency provisions did to the Internet.
What Reno Actually Did
Because so much of the discussion of the CDA has focused on the indecency provisions of the Act, the fact that the CDA addresses a much broader agenda has gone largely unnoticed. The vast majority of the CDA, in fact, addresses issues well beyond the Internet (such as obscenity on cable television, the television rating codes, and establishment of a technology fund) and are not of any particular concern to most business organizations. None of these sections were the subject of any appeal.
In Reno, the Supreme Court upheld a lower court’s decision to prevent enforcement of certain provisions of the CDA. This was effected by severing the term "or indecent" from sections 223(a)(1)(A)(ii) and 223(a)(1)(B)(ii) and removing all of section 223(d) from the text of the CDA [2]. Although the ruling restricted some of the original intent of the CDA, it still made history by officially classifying the Internet in the same category as printed media. As such, the Reno decision specifically states that obscenity on the Internet is a criminal offense and punishable under already existing case and statutory law (see Miller vs. California, which details qualifications for obscene printed material).
Except for these changes, the CDA stands as originally written. What remains in these portions of the CDA, in association with other related legislation, can expose an unprepared organization to substantial liability.
For IS administrators, these lesser-known components of the CDA represent as much disruption and danger to organizational computing as the indecency provisions did to the Internet.
The CDA amends an earlier section of the Telecommunications Act of 1934 that dealt with impermissible uses of the telephone; as is evident in the language, the CDA now proscribes a range of behaviors using any telecommunications device. This expansive new language applies to voice mail, facsimile machines, email, electronic file transfer, Web pages, or any other telecommunications equipment. Because the bulk of these telecommunications media are supervised by the IS staff, this redefinition has taken the responsibility for controlling such misconduct out of the hands of the phone company, and placed it squarely in those of IS administrators.
The CDA clearly prohibits the use of any telecommunications device to harass or annoy; this would include sending threatening email, harassment by displaying or transmitting objectionable pictures or text, sending obscene, threatening, or annoying faxes. Many of these prohibitions directly affect IS administration, in that many violations could occur using organizational information systems. The remaining text of the CDA reads as follows:
Whoever in interstate or foreign communications by means of a telecommunications device knowingly makes, creates, or solicits, and initiates the transmission of any comment, request, suggestion, proposal, image, or other communication which is obscene, lewd, lascivious, or filthy, with intent to annoy, abuse, threaten, or harass another person; or by means of a telecommunications device knowingly makes, creates, or solicits, and initiates the transmission of any comment, request, suggestion, proposal, image, or other communication which is obscene, knowing that the recipient of the communication is under 18 years of age, regardless of whether the maker of such communication placed the call or initiated the communication; makes a telephone call or utilizes a telecommunications device, whether or not conversation or communication ensues, without disclosing his identity and with intent to annoy, abuse, threaten, or harass any person at the called number or who receives the communications; makes or causes the telephone of another repeatedly or continuously to ring, with intent to harass any person at the called number; or makes repeated telephone calls or repeatedly initiates communication with a telecommunications device, during which conversation or communication ensues, solely to harass any person at the called number or who receives the communication; or knowingly permits any telecommunications facility under his control to be used for any activity prohibited by paragraph (1) with the intent that it be used for such activity, shall be fined under title 18, United States Code, or imprisoned not more than two years, or both."
IS administration and management in general need to protect the organization from potential criminal and/or civil liability resulting from their employees’ violations of the Act. Fortunately, the Act does provide a series of acceptable defenses against employer liability for the actions of their employees. Section 223(e)(4) states:
No employer shall be held liable under this section for the actions of an employee or agent unless the employee’s or agent’s conduct is within the scope of his or her employment or agency and the employer having knowledge of such conduct, authorizes or ratifies such conduct, or recklessly disregards such conduct.
Traditionally, employers are responsible for the actions of their employees within the scope of their jobs. This concept, known as respondeat superior, has been a mechanism to gain access to the deep pockets of the employer. Thus, once it is established that the employee is violating the law, the employer may be liable if it knew about or tolerated the illegal conduct, or recklessly disregarded the conduct by ignoring the obvious. If the organization makes a "good faith effort" to prohibit impermissible activities, it can significantly reduce its potential for liability; the best instrument to accomplish this is a clearly defined organizational telecommunications-use policy outlining acceptable and unacceptable uses of organizational telecommunications equipment. Such a policy is described in Whitman, Townsend and Aalberts [9], and specifically details a comprehensive strategy an organization can use to protect itself from problems arising from employee violations of the CDA.
Once a formal policy is drafted, disseminated, and agreed to by employees, the organization has demonstrated, "good faith effort" to comply with the CDA. Of course, management must vigorously enforce the policy. The CDA will not tolerate an ostrich-like approach to enforcement.
The CDA was originally intended to curtail minors’ exposure to indecent material, as well as regulate inappropriate uses of a range of telecommunications equipment. While the Reno decision effectively removed provisions of the CDA relating to indecency, the CDA still possesses significant content that affects the administration of telecommunications and information systems in organizations. In its revised form, the CDA provides much needed protection to both individuals and organizations from improper use of telecommunications equipment. IS administrators must initiate a proactive organizational response to ensure that their firms are optimally protected against liability arising from employee violations of the CDA,1 as well as other related technology law.
Join the Discussion (0)
Become a Member or Sign In to Post a Comment